You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

PHP Email Form

Hey, so I wanted to add a contact/email form on my website so I searched around the web and figured out how to do it in PHP.I uploaded it to my server and when I went to it on my website, the screen was blank. Here's the code I added to my website:

BC AdBot (Login to Remove)

1. $person = $_POST['person']; must be initialized before $to. The way you ordered it, $to will be blank as $person is not initialized yet.

2. You forgot the $ in if($_POST). Not sure if that will even work. You can use something like this to check if the form was submitted:

if ($_SERVER['REQUEST_METHOD'] == "POST")

3. $person = "") should read $person == "")

4. $feedback = 'Please fill out all the fields."; You have the mismatched single quotes and double quotes around the string.

Finally, you need to add some sanitization to the person variable. You should make it so it checks for the legitimate email addresses and only sends to those. Otherwise people will use your form to send spam.

Hey, so I applied the changes that you requested and it still shows as blank. I also tried to do it again with help from some tutorials. When I run it, it shows up but now, it doesn't send when you hit the send button, it just goes to a blank page. Here's the code:

Works for me. If you are specifying the name of the php script that will process the form, make sure its the name you specified. In this case Contact.php. You can leave it blank to specify the same form:

<form action="" method="post" id="messages_form">

You still have the issue where your form can easily be used for spam. When I said to sanitize your input, I meant to make it so that the possible email addresses you can send to are hard coded in the php. There is no need for reg exp in this code.

Instead create an array of all the possible email address that the visitor can accept.

Test the email address selected in the form against this array and if the user is not a valid one that you want mail sent to, change it to a default email. If you use this method, you can remove the two regexp checks. If you wish, instead of default to a particular use, you can have it display an error instead.

You are also modifying contents of the $_POST variable which is probably not the best method in the event you need access to its original data in the future. Instead you should create a different variable to store the returned data.

Edited by Grinler, 26 September 2012 - 08:29 AM.mistakenly changed name of variable

In the example above, the variable name is changed between $email_to and $to_email. Even though it was checking the array, the variable set initially and the variable passed through to the mail function were never modified so would still mail whoever you initially passed in $_POST['person']